From: Antony Dovgal Date: Fri, 25 Jan 2008 13:42:24 +0000 (+0000) Subject: endless loop (and stack overflow) protection in compact() X-Git-Tag: RELEASE_2_0_0a1~784 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c98b4a5c683325e1099e32faf0a6e07c4e45079c;p=php endless loop (and stack overflow) protection in compact()
---
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 2a99e960f0..b09b5ca5ce 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -1574,6 +1574,13 @@ static void php_compact_var(HashTable *eg_active_symbol_table, zval *return_valu
 else if (Z_TYPE_P(entry) == IS_ARRAY) {
 HashPosition pos;
+ if ((Z_ARRVAL_P(entry)->nApplyCount > 1)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion detected");
+ return;
+ }
+
+ Z_ARRVAL_P(entry)->nApplyCount++;
+
 zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(entry), &pos);
 while (zend_hash_get_current_data_ex(Z_ARRVAL_P(entry), (void**)&value_ptr, &pos) == SUCCESS) {
 value = *value_ptr;
@@ -1581,6 +1588,7 @@ static void php_compact_var(HashTable *eg_active_symbol_table, zval *return_valu
 php_compact_var(eg_active_symbol_table, return_value, value);
 zend_hash_move_forward_ex(Z_ARRVAL_P(entry), &pos);
 }
+ Z_ARRVAL_P(entry)->nApplyCount--;
 }
 }
 /* }}} */
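Review bot: The guard `nApplyCount > 1` in the IS_ARRAY branch does not fire on the first re-entry: the counter is 0 on the first visit and 1 on the second, so a self-referencing array is walked twice before "recursion detected" is raised on the third visit. If that tolerance is intended, say so next to the check, e.g. `/* nApplyCount is 1 on the first re-entry; only a second re-entry is treated as recursion */`; if it is not, `> 0` would stop at the first re-entry. The counter also only catches cycles, so a deeply nested acyclic array still recurses once per level and stack use remains bounded by the input rather than by this check. php_compact_var starts outside this hunk, and the matching `nApplyCount--` is in the second hunk.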